1. Field of the Invention
The present invention relates to a memory protection method and an information processing apparatus that protect a memory from unauthorized access by a program.
2. Description of the Related Art
As a conventional method of protecting a memory from unauthorized access by a program, the execution mode of a central processing unit (CPU) and the function of a memory management unit (MMU) are generally combined. For example, on a CPU that distinguishes execution in the privileged and non-privileged modes (or in privileged modes having a plurality of levels), the function of the MMU is used to set a region accessible in the privileged mode (or a highly privileged mode) and a region accessible in both the privileged and non-privileged modes. A memory region usable only in the privileged mode can thus be protected against unauthorized access in the non-privileged mode. In this method, however, a region to be protected cannot be freely set independently of the execution mode, and all built-in software programs are often executed in the privileged mode.
As a method of protecting a memory from unauthorized access by programs that are executed in the same execution mode, a program is divided into one or more modules, and the respective modules are arranged in their own virtual address spaces. In general, a function module arranged in one virtual address space cannot directly access a memory region arranged in another address space (it cannot access the region without the mediation of the OS or the like). This can prevent unauthorized access between modules arranged in different address spaces. However, this method needs to use the function of the operating system (OS) in order to access data of another module in response to a function call between modules. The data is generally copied in the OS, which decreases the execution efficiency compared to directly accessing the data of another module.
As a method of protecting a memory from unauthorized access within a single (unity) address space, there is known a method that assigns an identifier both to each region obtained by dividing the address space and to each module (for example, Japanese Patent Laid-Open No. 2002-189633). A module is prohibited from accessing a region whose identifier differs from that of the module. When accessing another module, a special space switching program is executed to change the identifier of the access destination to that of the program before the access. After the access, the identifier is returned to the original one, which limits access other than a function call. In this case, data can be directly accessed by addressing. However, an operation on the identifier is required for every function call, so the execution efficiency is poor compared to data reference based on a direct function call.
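The identifier scheme described above, modelled in software as an added example (not code from the cited publication or from this document). The region layout, identifier values and function names are assumptions; the two identifier updates counted per cross-module access are the overhead the paragraph refers to.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Software model only (assumption): real systems enforce the check in hardware. */
enum { ID_A = 1, ID_B = 2 };               /* constructed module identifiers */
struct region { size_t base, size; int id; };
static uint8_t mem[64];                     /* one shared address space */
static struct region regions[] = { {0, 32, ID_A}, {32, 32, ID_B} };
static int current_id = ID_A;               /* identifier of the running module */
static unsigned id_ops;                     /* identifier changes performed so far */

static struct region *find_region(size_t addr) {
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++)
        if (addr >= regions[i].base && addr - regions[i].base < regions[i].size)
            return &regions[i];
    return NULL;                            /* address outside every region */
}

/* Checked accesses: 0 on success, -1 when the identifiers differ. */
int load(size_t addr, uint8_t *out) {
    struct region *r = find_region(addr);
    if (r == NULL || r->id != current_id) return -1;
    *out = mem[addr];
    return 0;
}
int store(size_t addr, uint8_t val) {
    struct region *r = find_region(addr);
    if (r == NULL || r->id != current_id) return -1;
    mem[addr] = val;
    return 0;
}

/* Space switching: retag the destination, access it, restore the identifier. */
int switched_load(size_t addr, uint8_t *out) {
    struct region *r = find_region(addr);
    if (r == NULL) return -1;
    int saved = r->id;
    r->id = current_id; id_ops++;           /* change before the access */
    int rc = load(addr, out);
    r->id = saved; id_ops++;                /* restore after the access */
    return rc;
}

int main(void) {
    uint8_t v = 0;
    current_id = ID_B; store(40, 0x5a); current_id = ID_A;  /* B writes, then A runs */
    int direct = load(40, &v), switched = switched_load(40, &v);
    printf("direct=%d switched=%d value=0x%02x id_ops=%u\n", direct, switched, v, id_ops);
}
```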
Conventionally, when a memory protection function is used, an indirect function call needs to be used to access data held in a different protection region. Even when access from a specific module in a different protection region is reliable, the accessing module still needs to use the indirect function call. Because the indirect function call is poorer in execution efficiency than the direct function call, the execution efficiency decreases.